IT Review for A Barristers’ Chambers

Objectives

The main objectives of the IT review were to:

• Provide a detailed summary of the existing IT configuration and identify any gaps, risks or issues
• Assess the approach to security and compliance and suggest ways to align with best practices and prepare for Cyber Essentials accreditation
• Explore options and recommendations for an infrastructure refresh that would reduce the reliance on on-site servers and increase the use of cloud services
• Develop a strategic roadmap for implementing the proposed changes and achieving the desired outcomes

Methodology

We adopted a collaborative and pragmatic approach to the IT review, involving the following steps:

• Interviewing the client’s key stakeholders, including the IT manager and CEO to understand their business needs, expectations and challenges
• Analysing the current IT environment, including the applications, devices, servers, network, security and cloud services, using various tools and techniques
• Documenting the findings and recommendations in a clear and concise report, highlighting the strengths, weaknesses, opportunities and threats of the existing IT setup
• Presenting the report to the client and discussing the implications, options and priorities for action

Results

The IT review revealed that the client had a simple and standard IT environment, but it was poorly configured and managed by the incumbent MSP, resulting in several problems and vulnerabilities. Some of the key findings and recommendations were:

• The on-site servers were over-engineered and under-utilised, creating a single point of failure and a potential business continuity risk
• The Microsoft 365 cloud platform was not properly secured or optimised, exposing our client to cyber threats and performance issues
• The device management and patching processes were inconsistent and unmonitored, leaving some devices unprotected and outdated
• The email security and archiving solutions were inadequate, increasing the risk of data loss and compliance breaches
• The backups of the local and cloud data were not verified or tested, compromising the data integrity and recovery capability
• The documentation of the IT environment was missing or outdated, making it difficult to understand and maintain the IT infrastructure
• The relationship with the MSP was volatile and unprofessional, affecting the quality and reliability of the IT service and support

We advised the client to take immediate action to secure their IT environment and manage a graceful exit from the incumbent MSP.

We also suggested moving towards a cloud-based IT model that would reduce the need for on-site servers and increase the efficiency and scalability of the IT services. We proposed a strategic roadmap that included the following steps:

• Ensuring that our client had full access and control over their IT environment and documentation
• Engaging a trusted Microsoft 365 partner to review and improve the security and performance of the cloud platform
• Implementing a device management and patching solution that would enforce and monitor the security policies across all devices
• Considering an email archiving solution that would preserve and protect all emails and comply with the data retention requirements
• Implementing a cloud backup solution that would safeguard the data stored in Microsoft 365 and other cloud services
• Moving the Lex application, the main business application for barristers, from the on-site server to a cloud-hosted version
• Moving the network shares, the document storage for staff, to SharePoint Online or Microsoft Teams
• Using Windows 365 Cloud PC for remote access and secure printing
• Undertaking a Cyber Essentials assessment and certification process